CVE-2021-44168
Published: 04 January 2022
Summary
CVE-2021-44168 is a low-severity Download of Code Without Integrity Check (CWE-494) vulnerability in Fortinet Fortios. Its CVSS base score is 3.3 (Low).
Operationally, ranked in the top 21.1% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and SI-7 (Software, Firmware, and Information Integrity).
Deeper analysis
CVE-2021-44168 is a download of code without integrity check vulnerability, tracked under CWE-494, that affects the "execute restore src-vis" command in FortiOS versions prior to 7.0.3. The flaw resides in the handling of update packages for this command and carries a CVSS v3.1 score of 3.3.
A local authenticated attacker can exploit the issue by supplying specially crafted update packages, resulting in the device downloading arbitrary files without verification. The attack requires local access and low privileges but does not impact confidentiality or availability, only limited integrity on the target system.
FortiGuard advisory FG-IR-21-201 addresses the vulnerability and indicates that FortiOS 7.0.3 and later releases contain the fix. The CVE is also listed in the CISA Known Exploited Vulnerabilities catalog, confirming observed real-world exploitation activity.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-31018
Vulnerability details
A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages.
- CWE(s)
- KEV Date Added
- 10 December 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires cryptographic or other integrity verification of software, firmware, and update packages before they are applied, blocking the exact CWE-494 flaw in the restore command.
Mandates that system components and update packages be digitally signed and that signatures are validated prior to installation or execution.
Requires verification of component authenticity and provenance, which would detect or reject the specially crafted unsigned update packages used in this attack.